
New Attack Steals Your Windows Email, Passwords, 2FA Codes And More

Forbes

3 days ago


The latest Katz malware version can steal most everything.

Infostealers are the new black. When it comes to hacking fashion, malware that steals user credentials has been in vogue for a while now. We've seen the evidence in the 19 billion compromised passwords that are already available online, or the 94 billion browser cookies published to the Dark Web and Telegram channels. Microsoft has been spearheading the fight against the credential-stealing criminals, leading the recent global takedown of large parts of the Lumma Stealer network infrastructure, for example. Yet, the danger still persists; in fact, it is evolving. New research has revealed that a notorious threat to Windows users has emerged in the form of a new variant that can steal most anything and everything. Here's what you need to know about Katz.

There is nothing particularly unusual about the way that the Katz Stealer malware is distributed. Victims are targeted through the usual cybercriminal methods, including phishing emails, malicious advertisements, dangerous search results, and dodgy downloads. Once installed, however, Katz looks to see if you are using Google Chrome, Microsoft Edge or the Brave web browser and goes into what is known as headless mode. This is pretty much as it sounds, a browser with no visible interface, running 'headless' in the background but with the body able to render pages and interact with the web as normal. Katz can also bypass Google's app-bound encryption protections for Chrome, according to security researchers, which would aid in the credential-stealing payload.

And it's the payload that has us shaking our collective heads in disbelief. A May 23 analysis of the latest Katz Stealer malware, by the Nextron threat research team, has revealed the true extent of this steal-everything threat to Windows users. According to the full analysis, which I would recommend you go and read, after you finish here, of course, the range of Katz when it comes to data that can be stolen is, well, extensive.

As well as the usual mitigation advice for consumers to deploy two-factor authentication and passkeys on all accounts where available, apply all operating system and browser security updates as soon as possible and be alert to all the usual phishing tricks, the Nextron threat research team recommended the following for enterprise users:

Nextron also suggested watching out for the scanning of Windows registry keys and files associated with popular browsers and wallet applications, as this is indicative of Katz Stealer activity. As Sergeant Phil Esterhaus used to say, if you know you know, 'be careful out there.'
